On 05/25/2011 10:12 PM, Kristjan Kalder wrote: > Is the glsa-check database (or from where it gets its information) > updated on a regular basis or how does it work? > If I run the 'glsa-check -t affected' it newer shows me anything. >
Il I remember well, glsa infos are stored in /usr/portage (metadata or something)... glsa-check -t affected should list all unsecure packages... glsa are updated directly into portage repository, by GLSA team ... So If GLSA team have infos about an unsecure package, you should be informed with glsa-check... and a regular emerge --sync... However, GLSA team seems really busy as there's no new GLSA since sometimes now ... To me, I know I love the way Gentoo is working, and the portage customization (use flags and such) ... but I don't upgrade my packages so oftenly ... mainly because of time issue. Something like, every month for my desktops, and every 3/6 months for my servers ... and due to this, I'm a bit worried about the fact that GLSA team doesn't give recent updates about security issues... Anyway, I still sync everyday, and run glsa-check -m affected just to be sure :) Cya
